System And Method For Validating A Relationship Between A User And A User Account At A Financial Institution

ABSTRACT

A system and method for validating a relationship between a user and a user account at a financial institution includes a data communication device, a memory, a processor coupled to the memory, and an account validation module executable by the processor. The account validation module generates a verification identifier for storage in the memory and is provided to the user, and subsequently receives a user initiated financial transaction involving the user account at the financial institution. The received financial transaction includes a comparison identifier supplied by the user. The account validation module determines whether the comparison identifier corresponds to the verification identifier for purposes of validating the relationship between the user and the user account maintained at the financial institution.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a continuation of U.S. patent application Ser. No. 12/275,397 filed Nov. 21, 2008, the entirety of which is incorporated herein by reference.

FIELD OF THE INVENTION

The present invention relates to data processing systems, and more particularly relates to a system and method of validating a relationship between a user and a user account at a financial institution.

BACKGROUND OF THE INVENTION

Internet-based payment service providers use payment systems (hereinafter referred to as ‘payment systems’ for the sake of brevity) that allow account holders (users) to transfer funds from accounts being maintained at their financial institutions, and perform financial transactions online with the transferred funds. For example, payment systems enable users to purchase goods and services online from the stored funds, and may also provide money market and brokerage services. However, as with other online services, there is the possibility of use of such user account for money laundering and other potentially illegal and unauthorized activity. Accordingly, it is important to implement security features that ensure that the transfer of funds to and from such accounts is legitimate, authorized, auditable and traceable.

Therefore, it would be desirable to provide a system and method of ensuring that a user account being maintained at a financial institution legitimately belongs to the user.

SUMMARY OF THE DISCLOSURE

In a first aspect, the present invention provides a system for validating a relationship between a user and a user account at a financial institution that includes a data communication device, a memory, a processor coupled to the memory, and an account validation module executable by the processor. The account validation module is adapted to generate a first verification identifier for storage in the memory, provide a second verification identifier corresponding to the first verification identifier to the user, receive a user initiated financial transaction involving the user account at the financial institution, the received financial transaction including a comparison identifier supplied by the user, and determine if the comparison identifier corresponds to the stored first verification identifier for purposes of validating the relationship between the user and the user account maintained at the financial institution.

In another aspect, the present invention provides a method of validating a relationship between a user and a user account at a financial institution that includes providing a verification identifier to a user, receiving a user initiated financial transaction involving the user account at the financial institution, the received financial transaction including a comparison identifier, and determining whether the received comparison identifier corresponds to the verification identifier provided to the user for purposes of validating the relationship between the user and the user account maintained at the financial institution.

In yet another aspect, the present invention provides a system for validating a relationship between a user and a user account at a financial institution that includes a data communication device, a memory, a processor coupled to the memory, and an account validation module executable by the processor. The account validation module is adapted to: (1) receive, from the user, user profile data containing a first account identifier of the user account, (2) generate a verification identifier, provide the verification identifier to the user, (3) receive a user initiated financial transaction involving the user account at the financial institution, the received financial transaction including a comparison identifier supplied by the user and a second account identifier, and (4) validate the relationship between the user and the user account maintained at the financial institution if the received comparison identifier corresponds to the generated verification identifier and the received second account identifier corresponds to the first account identifier contained in the received user profile data.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of an exemplary financial system in which the present invention may be employed.

FIG. 2 is an exemplary computer employed by the payment system to enable validation of a user account at a financial institution according to an embodiment of the present invention.

FIG. 3 is a flow chart of an exemplary process by which a user sets up an internal account with the payment system according to an embodiment of the present invention.

FIG. 4 is a schematic diagram of an exemplary user profile record according to an embodiment of the present invention.

FIG. 5 is a flow chart of an exemplary method of validating a user account at a financial institution according to an embodiment of the present invention.

FIG. 6 is an exemplary online banking transfer form according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

According to the present invention, a user establishes an internal account with a payment service provider, providing user profile data to the payment system which the payment system stores in a user profile record to identify the account. The user profile record, which is maintained securely, includes information identifying an account at a financial institution (other than the payment system) that the user may employ to transfer funds to or from the payment service provider. The financial institution may be a bank, a credit card facility or any other institution at which the user maintains a financial account. For example, a user may have an account at XYZ bank; the user profile record will then include the routing information of the XYZ bank and the user's account number at the XYZ bank.

When the internal user account is established at the payment service, the payment system generates a unique verification identifier associated with the account, and then sends the verification identifier or a corresponding verification identifier to the user. To ensure that the user has control of the user account at the financial institution, the payment service requests the user to perform a financial transaction with the user account (e.g., transfer $50 from the financial institution to the internal account maintained at the payment service) by including the verification identifier in the transaction.

Subsequently, when a financial transaction is received from the financial institution attempting to transfer funds into the user's internal account, the payment system validates that the user has a pre-existing relationship with the financial institution as a security measure. Specifically, the user directs the financial institution to include the verification identifier it has received previously from the payment system with the transaction along with the user's account information at the financial institution. Upon receipt of financial transaction, the payment system uses the received identifier as an index to locate the user's profile record. The payment system then determines whether financial account information included in the financial transaction matches the financial information in the user's profile record, indicating that the user has a relationship with the financial institution. If the relationship is validated, the verification identifier is no longer required to be included in further financial transactions between the financial institution and the payment system. However, the verification identifier may be included in further financial transactions for purposes of revalidation or as a steering mechanism to direct deposits to the appropriate user account.

FIG. 1 is a block diagram of an exemplary financial system 100 in which the present invention may be employed. The system 100 includes a payment system 102 employed by a payment service provider, in which a user 104 may establish financial accounts that store funds and which may be used to pay for goods and services online in a convenient manner. The user 104 may be any individual or corporate entity seeking to establish and use an account in the payment system 102. The user 104 may be connected to the payment system 102 via the Internet 106 using any suitable wire or wireless communication link.

The user 104 maintains a financial account at a financial institution 108. The financial institution 108 may be a bank, credit card facility, money market account or any other institution which holds financial accounts. The user 104 has control over the financial account at the financial institution 108 and can direct the financial institution 108 to transfer funds from the financial account by various means (e.g., check, credit or debit card, wire instruction, online interface, etc.) in a financial transaction. The financial institution 108 may communicate the financial transaction to the payment system 102 via a secure link 110, which may be proprietary, using known communication methods. For example, if the financial institution 108 is a bank, the financial transaction may be implemented using a direct entry (DE) file communicated by direct inter-bank transfer or through intermediary entities such as the Automated Clearing House (ACH). To support online communications, the financial institution 108 may also be connected to the Internet 106.

It is to be appreciated that while the system 100 of FIG. 1 is depicted as having a single user 104 and a single financial institution 108, this depiction is merely illustrative, and system 100 typically includes a plurality of users, each of which may have accounts at one or more financial institutions.

Referring now to FIG. 2, an exemplary computer (e.g., server) 200 of the payment system 102 is shown. The computer 200 includes a communication device 202 adapted for data communication using a plurality of communication modes and protocols. The communication device 202 receives information from and sends information to the user 104 via the Internet 106 and from/to the financial institution 108 over link 110. The computer 200 also includes a processor (CPU) 204, memory storage 206, program storage 208, and data storage 210, all commonly connected to each other through a bus 212. The program storage 208 includes an account validation module 214 that further includes a user registration module 216 and a matching module 218. The user registration module 216 includes program code for establishing internal user accounts and may support a web-based interface with forms, dialog boxes, etc. that prompt the user to enter information to register with the payment system 102. The matching module 216 performs validation of user accounts at financial institutions. The data storage 210 stores a user profile records 220 for all internal user accounts of the payment system 102. The software program modules in the program storage 208 and data in the data storage 210 may be transferred to the memory 206 as needed for ready access by the processor 204.

It is to be appreciated that the computer 200 may comprise any computer such as a personal computer, minicomputer, workstation or mainframe, or a combination thereof. While the computer 200 is shown, for illustration purposes, as a single computer unit, the system may comprise a group/farm of computers which can be scaled depending on the processing load and database size.

FIG. 3 is a flow chart of an exemplary process 300 by which a user 104 sets up an internal account with the payment system 102 according to an embodiment of the present invention. In step 302, the method begins. The user registration module 216 of the payment system 102 may support a web interface (not shown) having a registration form that prompts the user 104 to enter personal information (user profile data). In step 304, the user registration module 216 receives the user profile data entered into the web interface. In step 306, the user registration module 216 creates an internal account for the user 104 with a unique account identifier, such as an account number. In some embodiments, to keep the unique account identifier secure, the account identifier is not provided to the user and is kept inaccessible from the user 104 even when the user accesses his or her account at the payment system 102. This security measure reduces the possibility of identity theft and unauthorized access to the user's account.

In a following step 308, the user registration module 216 creates a user profile record associated with the new internal account (i.e., with the new unique account number) to store the received user profile data. The user profile record 400 may be stored as part of a database 220 of user profile records. An exemplary user profile record 400 according to an embodiment of the present invention is shown in FIG. 4. The exemplary user profile record 400 includes personal information 402 such as a secure ID 402, the user's name 404, address 406, verification identifier (explained below) 408, email address 410, tax ID 412, and account balance 414. In addition, the user profile record 400 includes financial account information 420, 430 for two financial institutions (financial institution #1, financial institution #2) at which the user maintains financial accounts. The financial account information 420 includes the name of financial institution 422, the routing number of the institution 424, the user's account number at the institution 426 and a verification flag 428 indicating whether the user's relationship with financial institution #1 has been verified. Financial account information 430 includes similar name 432, routing 434, account 436, and verification flag 438 information with respect to financial institution #2. The user profile record 400 may also include a transaction history 440 containing a list of transactions the user has performed using the payment system 102. The user profile record 400 may also include any other user information deemed appropriate.

Referring again to FIG. 3, the user registration module 216 receives the personal information 402 and financial account information of at least one of the financial institutions 420, 430 in step 308. In step 310, the user registration module 216 generates a unique verification identifier to be associated with the user profile record 400 (internal user account). In some embodiments, the verification identifier is a number or alphanumeric string of less than 16 digits or characters. The verification identifier may be partially or fully based on user information supplied by the user. For example, the identifier can be based on the name of the user whose name character string is converted into a number and then truncated to an appropriate size. In step 312, the user registration module 216 sends the verification identifier to the user 104. In some embodiments, in a following step 314, the user registration module 216 generates a second verification identifier derived from the first verification identifier (e.g., by hashing) and stores the second verification identifier in the user profile record 400 rather than the first verification identifier that has been sent to the user 104 as an added security measure. According to this embodiment, the verification identifier held by the user 104 and the verification identifier stored in the user profile record 400 differ, so that the verification identifier given to the user 104 is not directly accessible to personnel of the payment system 102.

In step 316, the user registration module 216 sends payee bank information of the payment system 102 to the user 104 (i.e., the account information of the payment system at a bank), enabling the user 104 to direct a money transfer from the user's financial institution 108 to the bank account of the payment system 102 and thereby to the internal user account at the payment system 102.

FIG. 5 is a flow chart of an exemplary method 500 of validating a user account at a financial institution according to an embodiment of the present invention. In step 502, the method begins. In step 504, a matching module 218 of the payment system receives a financial transaction notification (denoted simply as ‘financial transaction’ herein) from the financial institution 108 as directed by the user 104. FIG. 6 is an exemplary online banking transfer form 600 which the user may employ to transfer funds from the financial institution 108 to the user's account at the payment system 102. As indicated, the form 600 includes text input boxes for entering: the financial account information of the sending institution (From Account) 602, the financial account information of the payment system 604, the amount of the transfer 606, and reference information 610 as well as a selection box for the type of transfer 608. According to an embodiment of the present invention, the user 104 enters the verification identifier previously received from the payment system 102 in the reference information box 610. The information entered into form 610 is first delivered to the financial institution 108, which reformats the information into a financial transaction notification according to known inter-bank transfer protocols. For example, the financial institution 108 may incorporate the financial transaction in a direct entry (DE) file. Importantly, DE files may have fields and/or spaces in which the reference information 610 entered into the form 600, i.e., the verification identifier, may be entered. Since the matching module 218 tests the verification identifier included in the financial transaction, it is referred to as the ‘comparison’ identifier in the description below. Similarly, financial account information 602, 604, 606 is denoted as ‘second’ financial account information. The financial institution 108 sends the financial transaction to the payment system's account at the payee bank (not shown), which then passes the financial transaction to the matching module 218 of the payment system 102.

After the matching module 218 receives the financial transaction, in step 506, the matching module 218 queries the user profile records 220 for a corresponding verification identifier, for example, by performing the same hash used to derive the stored verification identifier on the comparison identifier and then comparing the hashed result with the stored verification identifier in the user profile record 400. It is noted that in embodiments in which the verification identifier that is sent to the user 104 and the stored verification identifier are the same, that a hashing process is not performed. If the user 104 has not registered with the payment system 102, in step 508, the matching module 218 causes a message indicating a denial of the transfer to the financial institution 108. After step 508, the method ends in step 518. If it is determined in step 506 that the user 104 has registered with the payment system 102, the comparison identifier will correspond to the stored verification in the user profile record database, and, in step 510 the corresponding user profile record is returned as the output of the query. In step 512, the matching module 218 then determines whether the second financial account information included in the financial transaction matches the first financial account information stored in the user profile record 400. More specifically, it is determined whether all items match, i.e., whether the first and second financial account information match exactly as to the name of the financial institution, the routing number, and the user account number. If the first and second financial account information match, in step 514, the matching module 218 validates the relationship between the user 104 and the financial institution 108 and the verification flag 438 in the user profile record 400 is set (e.g., to a check, “yes”, etc.). In step 516, the matching module 218 transfers the deposit to the internal user account at the payment system 102, and updates the balance information in the user profile record 400, and then the method ends in step 518. If it is determined that the first and second financial account information do not match in step 512, the method branches to step 508, and the matching module 218 causes a transfer denial message to be sent to the financial institution 108.

Once the relationship between the user 104 and a financial institution 108 has been validated, further financial transactions sent from the financial institution 108 to the payment system 102 do not require a verification identifier to be included (however, as noted, the verification identifier may be included in further transactions for purposes of revalidation or as a steering mechanism); when a subsequent financial transaction from a financial institution 108 is received, the matching module 218 can query the user profile records 220 using the routing number and account number of the financial institution 108 and thereby determine that the verification flag 438 associated with the routing and account number has been set, indicating that the user/financial institution relationship has already been validated. In an alternative embodiment, the payment system 102 may initiate subsequent transactions as directed by the user and ‘pull’ transfers from validated financial institutions. Since both the user and the relationship of the user 104 to the financial institution 108 are trusted, pull transactions performed in this manner do not present significant security risks.

The foregoing specific embodiments represent just some of the ways of practicing the present invention. Many other embodiments are possible within the spirit of the invention. Accordingly, the scope of the invention is not limited to the foregoing specification, but instead is given by the appended claims along with their full range of equivalents. 

1. A method of establishing a trusted relationship for completing a series of electronic transactions, comprising: storing user profile data in a memory of a payment system, the user profile data relating to an account of a user with the payment system; generating a verification identifier at the payment system, wherein a first copy of the verification identifier is provided to the user, and wherein a second copy of the verification identifier is stored at the payment system; receiving a transaction request at the payment system that identifies the account of the user and that includes the first copy of the verification identifier, wherein the transaction request is received over a network from a second system, and wherein the first copy of the verification identifier is supplied to the second system by the user for inclusion in the transaction request; matching the received first copy of the verification identifier with the stored second copy of the verification identifier; storing verification information in the memory of the payment system in association with the user profile data based on a successful match between the received first copy of the verification identifier and the stored second copy of the verification identifier; and using the stored verification information to complete subsequent transaction requests from the second system relating to the account of the user, wherein the subsequent transaction requests do not require a copy of the verification identifier.
 2. The method of claim 1, wherein the transaction request pertains to a financial transaction and the second system is a banking system at a financial institution.
 3. The method of claim 1, wherein the user profile data includes account information relating to a user account at the second system.
 4. The method of claim 3, wherein the stored account information in the user profile data is matched with information included in the transaction request for further verification.
 5. The method of claim 3, wherein the account information includes a routing number and an account number.
 6. The method of claim 1, wherein the stored verification information is a verification flag that is set by the payment system.
 7. A method of establishing a trusted relationship for performing financial transactions with a financial institution, comprising: storing user profile data in a memory of a payment system, the user profile data relating to an account of a user with the payment system; storing financial account information in the memory of the payment system in association with the user profile data, the financial account information relating to a user account maintained at a financial institution; receiving a user initiated financial transaction request at the payment system that identifies the user account at the financial institution, wherein the financial transaction request is received over a network from a financial institution and includes verification information for verifying a relationship between the user and the user account at the financial institution; completing the financial transaction request based at least in part on the verification information; and completing one or more subsequent user initiated transaction requests involving the user account at the financial institution, wherein the one or more subsequent user initiated transaction requests do not require verification information.
 8. The method of claim 7, wherein the verification information includes a verification identifier.
 9. The method of claim 8, wherein the verification identifier received with the financial transaction request is compared with a copy of the verification identifier stored in the memory of the payment system to verify the relationship.
 10. A payment service system for making payments from a payment service account associated with a user, comprising: a communication device; a memory; a processor coupled with the memory and communication device; and an account validation module executable by the processor and configured to: store user profile data in the memory that relates to the payment service account; generate a verification identifier, wherein a first copy of the verification identifier is provided to the user, and wherein a second copy of the verification identifier is stored in the memory; receive a transaction request that identifies the payment service account and that includes the first copy of the verification identifier, wherein the transaction request is received over a network from a second system, and wherein the first copy of the verification identifier is supplied to the second system by the user for inclusion in the transaction request; match the received first copy of the verification identifier with the stored second copy of the verification identifier; and store verification information in the memory in association with the user profile data based on a successful match between the received first copy of the verification identifier and the stored second copy of the verification identifier; the payment service system being configured to complete subsequent transaction requests from the second system relating to the payment service account of the user, wherein the subsequent transaction requests do not require a copy of the verification identifier.
 11. The payment service system of claim 10, wherein the transaction request pertains to a financial transaction and the second system is a banking system at a financial institution.
 12. The payment service system of claim 10, wherein the user profile data includes account information relating to a user account at the second system.
 13. The payment service system of claim 12, wherein the stored account information in the user profile data is matched with information included in the transaction request for further verification.
 14. The payment service system of claim 12, wherein the account information includes a routing number and an account number.
 15. The payment service system of claim 10, wherein the stored verification information is a verification flag.
 16. A payment service system for making payments from a payment service account associated with a user, comprising: a communication device; a memory; a processor coupled with the memory and communication device; and an account validation module executable by the processor and configured to: store user profile data in the memory, the user profile data relating to the payment service account; store financial account information in the memory in association with the user profile data, the financial account information relating to a user account maintained at a financial institution; and receive a user initiated financial transaction request that identifies the user account at the financial institution, wherein the financial transaction request is received over a network from a financial institution and includes verification information for verifying a relationship between the user and the user account at the financial institution; the payment service system being configured to complete the financial transaction request based at least in part on the verification information; and the payment service system being further configured to complete one or more subsequent user initiated transaction requests involving the user account at the financial institution, wherein the one or more subsequent user initiated transaction requests do not require verification information.
 17. The payment service system of claim 16, wherein the verification information includes a verification identifier.
 18. The payment service system of claim 16, wherein the verification identifier received with the financial transaction request is compared with a copy of the verification identifier stored in the memory of the payment system to verify the relationship. 